TCP connection timeout


I’m having some networking problems with KVM and pfSense firewall.
Host is Ubuntu 12, KVM version 1.0. pfSense 2.1 RC.
I configured the firewall VM using two e1000 cards. pfSense 2.1 supports VirtIO networking, but it doesn’t seem to be that much faster, at least in this version. I tried using an rtl device as WAN; the issue persists.

The main problem is that my TCP connections often time out. I notice this mainly on ssh and smtp: I try an ssh command and it times out, then I reissue the same command one second later and the connection is established immediately. Same for smtp: the first mx fails, the second one goes perfectly!

I’m not 100% sure this is a KVM issue, but apparently pfSense users on other VM platforms or on physical machines aren’t affected.
Any hint on what I could check?


I add the relevant configs here:


auto br0
iface br0 inet static
    bridge-ports eth0
    bridge-fd 0
    bridge-hello 2
    bridge-maxage 12
    bridge-stp off

auto br1
iface br1 inet manual
    bridge-ports eth1
    bridge-fd 0
    bridge-hello 2
    bridge-maxage 12
    bridge-stp off

VM definition:

<domain type='kvm' id='74'>
  <name>pfsense2_1</name>
  <uuid>0dffd074-abc0-2654-22b4-789b1a99f25f</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-1.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/vgobs/pfsense2_1'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </disk>
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1' unit='0'/>
    </disk>
    <controller type='ide' index='0'>
      <alias name='ide0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:fa:e1:61'/>
      <source bridge='br0'/>
      <target dev='vnet4'/>
      <model type='e1000'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:75:80:bd'/>
      <source bridge='br1'/>
      <target dev='vnet5'/>
      <model type='e1000'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/3'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/3'>
      <source path='/dev/pts/3'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5904' autoport='yes'/>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='apparmor' relabel='yes'>
    <label>libvirt-0dffd074-abc0-2654-22b4-789b1a99f25f</label>
    <imagelabel>libvirt-0dffd074-abc0-2654-22b4-789b1a99f25f</imagelabel>
  </seclabel>
</domain>